ISF ACL policies
Traffic accepted and forwarded by an ISF policy is not subject to security inspection. Normally, you should only create ISF policies for traffic that you consider very low risk.
On FortiGate models that include NP4 and XLR ports and an integrated switch fabric, you can create an integrated switch fabric (ISF) access control list (ACL) firewall policy that allows some traffic (for example, multicast traffic) to bypass security inspection, resulting in reduced CPU and NP4 processor load.
This feature is only available in Transparent mode and only between port pairs.
Use the following command to add an ISF ACL shortcut policy:
config firewall isf-acl
    config port-pair-1
        edit 1
            set type binary
            set ingressport {port1 | port2}
            set offset <byte offset into the frame>
            set length <number of bytes to compare>
            set matchpattern <pattern in hex>
            set action {bypass | block}
        next
        edit 2
            set type 5-tuple
            set srcaddr a.b.c.d/32
            set dstaddr 239.A.A.a/32
            set proto UDP
            set port XXX
            set action {bypass | block}
        end
    end
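Because anything an ISF ACL accepts is forwarded without security inspection, it helps to be able to see exactly which frames a set of policies would exempt before committing them. The following Python script is an added example, not Fortinet code and not the FortiOS matching engine: it models the two policy types shown above (binary match at an offset, and 5-tuple match), evaluates constructed sample frames against them, and audits the bypass rules for ones that exempt more than single-host multicast traffic. Assumptions, in addition to all sample addresses and frames being constructed: the first matching policy wins, `port` in a 5-tuple policy is the destination port, and a frame that matches no policy goes to normal inspection.

```python
"""Added example (not Fortinet's code): simulate ISF ACL bypass decisions and
audit which bypass policies exempt more than low-risk multicast traffic."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Union

MULTICAST_V4 = ipaddress.ip_network("224.0.0.0/4")


@dataclass
class BinaryRule:
    """Mirrors 'set type binary': compare <length> bytes at byte <offset>
    of a frame entering <ingressport> against <matchpattern>."""
    ingressport: str
    offset: int
    length: int
    matchpattern: bytes
    action: str  # "bypass" or "block"


@dataclass
class TupleRule:
    """Mirrors 'set type 5-tuple'. Assumption: 'port' is the destination port."""
    srcaddr: str
    dstaddr: str
    proto: str
    port: int
    action: str


Rule = Union[BinaryRule, TupleRule]


@dataclass
class Packet:
    """A constructed frame plus the L3/L4 fields a 5-tuple policy looks at."""
    ingressport: str
    frame: bytes
    src: str = ""
    dst: str = ""
    proto: str = ""
    dport: int = 0


def matches(rule: Rule, pkt: Packet) -> bool:
    if isinstance(rule, BinaryRule):
        if pkt.ingressport != rule.ingressport:
            return False
        window = pkt.frame[rule.offset:rule.offset + rule.length]
        return len(window) == rule.length and window == rule.matchpattern
    if not pkt.src or not pkt.dst:
        return False  # no L3 header to compare against
    return (
        ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.srcaddr)
        and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dstaddr)
        and pkt.proto.upper() == rule.proto.upper()
        and pkt.dport == rule.port
    )


def decide(rules: List[Rule], pkt: Packet) -> str:
    """First matching policy wins (assumption); no match means the frame is
    handed to normal security inspection."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return "inspect"


def audit(rules: List[Rule]) -> List[str]:
    """Flag bypass policies that exempt more than one host sending to a
    multicast group, or that match on too few bytes to be selective."""
    findings = []
    for i, rule in enumerate(rules, 1):
        if rule.action != "bypass":
            continue
        if isinstance(rule, TupleRule):
            if not ipaddress.ip_network(rule.dstaddr).subnet_of(MULTICAST_V4):
                findings.append(f"rule {i}: bypasses unicast destination {rule.dstaddr}")
            if ipaddress.ip_network(rule.srcaddr).prefixlen < 32:
                findings.append(f"rule {i}: source {rule.srcaddr} is not a single host")
        elif rule.length < 3:
            findings.append(f"rule {i}: binary match of {rule.length} byte(s) is very broad")
    return findings


# Constructed policy set: edit 1 and edit 2 follow the CLI skeleton above; the
# third entry is deliberately too broad so the audit has something to report.
RULES: List[Rule] = [
    # destination MAC prefix 01:00:5e (IPv4 multicast) at offset 0, 3 bytes
    BinaryRule("port1", 0, 3, bytes.fromhex("01005e"), "bypass"),
    TupleRule("192.0.2.10/32", "239.1.1.1/32", "UDP", 5004, "bypass"),
    TupleRule("192.0.2.0/24", "198.51.100.5/32", "UDP", 53, "bypass"),
]


def sample_packets() -> Dict[str, Packet]:
    """Constructed Ethernet headers: dst MAC, src MAC, EtherType 0x0800."""
    mcast = bytes.fromhex("01005e010101" "001122334455" "0800")
    ucast = bytes.fromhex("00aabbccddee" "001122334455" "0800")
    return {
        "mcast_frame_port1": Packet("port1", mcast),
        "mcast_frame_port2": Packet("port2", mcast),
        "rtp_to_group": Packet("port2", ucast, "192.0.2.10", "239.1.1.1", "udp", 5004),
        "dns_unicast": Packet("port2", ucast, "192.0.2.77", "198.51.100.5", "udp", 53),
        "web": Packet("port2", ucast, "192.0.2.10", "198.51.100.9", "tcp", 443),
    }


if __name__ == "__main__":
    for name, pkt in sample_packets().items():
        print(f"{name:20s} -> {decide(RULES, pkt)}")
    for finding in audit(RULES):
        print("AUDIT:", finding)
```

Running the script shows the multicast frame on port1 and the single-host RTP flow bypassing inspection, the same multicast frame on port2 going to inspection (the binary policy is bound to one ingress port), and the audit flagging only the third policy, which would exempt an entire /24 sending DNS to a unicast host. Running the same kind of check over a real policy set before applying it is one way to keep ISF ACLs limited to the very-low-risk traffic the note above recommends.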